[Openid-specs-fapi] Fwd: Letter from Vice-President Valdis Dombrovskis: Comments about Redirection
dave.tonge at momentumft.co.uk
Sun Feb 24 20:15:13 UTC 2019
Big merchants will become PISPs, but its not worth it for smaller
The UX doesn't need to be too bad though in a 4 party model - the PISP can
collect consent in a widget on the merchant site before redirecting to the
The negativity against redirection is quite strange as PSD2 essentially
brought in two competing requirements:
- third party payment initiation
- strong customer authentication
Those against redirect have in their mind the mental model of card based
payments where the user enters some numbers in the merchant website and
never interacts with the bank who issued the card. However all card
payments will end up having to be redirected because of the strong customer
authentication requirements - so it is a contradictory position to hold.
I think that most regulators will take a pragmatic position on this based
on whether the bank is putting up "obstacles".
On Sat, 23 Feb 2019 at 05:09, Tom Jones via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:
> Why would the merchant not seek to become the pisp? Then the ux is pretty,
> but highly insecure. Isn't that what PSD is all about?
> thx ..Tom (mobile)
> On Fri, Feb 22, 2019, 7:45 PM Anders Rundgren via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> wrote:
>> On 2019-02-22 13:25, nat at sakimura.org wrote:
>> > And interestingly, the Nordic countries support OpenID Connect in the
>> redirect modes. It is actually quite interesting that people gets
>> impression that redirects are user unfriendly where in fact if done
>> correctly, it is hardly noticeable by the user. I probably should bmake a
>> YouTube video about it.
>> In a two-party scenario like a Fintech + Bank it can work fairly smooth.
>> For a three-party scenario like Merchant + PISP + Bank, the UX part as a
>> whole seems like a challenge. That's the video I would like to see!
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-fapi